
Solved: PossibleInfection: Webrebates,Winupdates,PeperTroj,etc

Discussion in 'Windows XP' started by Mcwipenshiner, Aug 6, 2006.

  1. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Hello everyone,
    I have had recent problems on this computer which seem to be resulting from a series of spyware, adware, and trojans. I'm thinking I have the possibility of being infected with the trojan downloader "peper" which shows up in Spysweeper as "2LRX2W83X2T3MQ" (but not too sure..?) as well as a bundle that seems impossible to get rid of consisting of "Webrebates," "Winupdates," and "SysProtect Free" which are quite possibly the most annoying adware and spyware in the world today! Adware called NewdotNet was on my computer but I read somewhere that they are an actual company and that I should go to their website and use their uninstaller on removal option #4. I still get the error for NewdotNet at startup and it keeps adding itself to the "HKEY/.../Run" directories all over again; maybe it's just the remnants of NewdotNet.
    Anyways, all these problems keep adding themselves to the Msconfig startup and Spysweeper startup without my permission. Any help to rid these problems would be greatly appreciated. Oh, and I have read in some places that it is possible to remove "NewdotNet," "Webrebates" and possibly "Winupdates" from the Control Panel's Add/Remove option, yet none of this adware shows up anywhere in the Add/Remove Programs list. Thanks in advance.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:56:16 PM, on 8/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1135839207\ee\AOLSoftware.exe"
    O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
    O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
    O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    Thanks,
    Paul
     
  2. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Hello Mc. Welcome. I am reviewing your HijackThis log now and will post a reply as soon as possible.
     
  3. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Okay, Mcwipenshiner, first, open up the Control Panel, click "Add/Remove Programs", find "Weatherbug", click on it once to highlight it, then click "Remove/Change" to uninstall it. Do the same with "java j2re1.4.2".
    Then download and install the latest version of Java from www.java.com.

    Now, please open WebRoot SpySweeper
    * Update to the latest definitions, click Yes.
    * Exit SpySweeper.

    Next, open up HijackThis again, do a system scan only, and when it finishes, place a check before the following lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)

    Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

    Print out the following instructions or copy them to Notepad as you will not have internet access from Safe Mode:

    Now, boot the computer into Safe Mode. Click here for instructions on how to boot into Safe Mode.

    * Open up Webroot SpySweeper, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:

      o Sweep Memory
      o Sweep Registry
      o Sweep Cookies
      o Sweep All User Accounts
      o Enable Direct Disk Sweeping
      o Sweep Contents of Compressed Files
      o Sweep for Rootkits

      o Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.

    Reboot the computer back to Normal Mode.

    Run HijackThis again, save a logfile this time and post it back here along with the session log from Webroot SpySweeper.
     
  4. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Hi Kdd9, thanks for replying to my post. I followed your instructions carefully and finished each step. I just had a few minor problems in the process. First, you said to remove Weatherbug from the Add/Remove Programs, in which I found that it was non-existent. I removed Weatherbug some time ago, and that must have been something left over that was in the HijackThis log, in which case I deleted that value from HijackThis after my scan along with the other two you said to delete. In addition, I deleted values found in my HT scan for "Webrebates," "New.net Startup," and "Winupdates." Upon deletion, each of these three values immediately remade themselves and Spysweeper alerted me about the added startup programs.
    "New.net Startup" rundll32 is using a loaded DLL file to hook into my system and start itself up each time I delete it, yet neither Spysweeper nor I can find its core. Meanwhile, "Webrebates" is using a Javascript file to autoload at startup, which I cannot find either. And finally, "Winupdates" is classified as being located in directory "C/program files/winupdates/winupdates.exe/auto," yet no such directory exists even with all hidden files shown. A search with "*.*" fails to present any results for the three.
    Here is my new HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 4:16:37 PM, on 8/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
    O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
    O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



    It seems my Spysweeper log is much too long to be added to the thread. It's at least 10 times the maximum amount of characters and is a 284kb Notepad file. Spysweeper found no threats in its search afterwards, but after reviewing the log I did see that it was unable to access some files on the "Guest" user, which requires no password to log onto, and therefore could present a security vulnerability to some spyware which attempts to log onto XP by using generic passwords, in this case leaving a password blank to log on. Should I change this?

    Thanks, Paul
     
  5. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:\) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).
    Do not run the Uninstaller and the Remover yet.


    Download and install CCleaner from here.
    Note: if you do not want the Yahoo Toolbar installed with it, make sure you uncheck that option when you get to the window that shows it during the installation process.
    Don't run CCleaner just yet.

    Launch Ewido
    • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    Ewido manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

    Now please go to the Control Panel > Add/Remove Programs and remove the following if present:

    Top Rebates
    Web rebates
    NewDotNet

    (Don't worry about WeatherBug -- evidently it's gone.)

    The following is very important as these programs may interfere with the fix:

    We need to disable Spysweeper:

    Open it, click >Options over to the left, then >program options, and uncheck "load at windows startup".
    Over to the left click shields and uncheck all there.
    Uncheck "home page shield".
    Uncheck "automatically restore default without notification".

    Now, disable ewido:

    To disable Ewido:

    From the system tray:

    Right-click the system tray icon and uncheck real time protection.

    or From within Ewido -
    Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

    Now, we need to disable Windows Defender

    * Open Windows Defender
    * Click Tools
    * Click General Settings
    * Scroll down to Real Time Protection Options
    * Uncheck Turn on Real Time Protection (recommended)
    * After you uncheck this, click on the Save button
    * Close Windows Defender

    Once your system is clean, you can re-enable these programs.

    Now open up HijackThis again, do a system scan only, and when it finishes place a check before the following lines:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s

    O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O4 - HKLM\..\RunOnce: [c_usdir] cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"

    O4 - HKLM\..\RunOnce: [b_usexe] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"

    O4 - HKLM\..\RunOnce: [a_usdll] cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"

    Then make sure ALL windows are closed except HijackThis and hit the "Fix checked" button.

    You will want to print out the following instructions or copy them to Notepad as you will not have internet access from Safe Mode:

    Now, boot the computer into Safe Mode. Click here for instructions on how to boot into Safe Mode.

    Next, if you haven't already, we need to set XP to show all files:

    To enable the viewing of Hidden files follow these steps:

    1. Close all programs so that you are at your desktop.
    2. Double-click on the "My Computer" icon.
    3. Select the "Tools" menu and click "Folder Options".
    4. After the new window appears select the "View" tab.
    5. Put a checkmark in the checkbox labeled "Display the contents of system folders".
    6. Under the Hidden files and folders section select the radio button labeled "Show hidden files and folders".
    7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
    8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
    9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
    10. Now your computer is configured to show all hidden files.
    Because XP will not always show you hidden files and folders by default, go to Start > Search and under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

    Next, using Windows Explorer and/or Search function, find and delete the following folders marked in bold if they are present. Delete ONLY the part in bold:

    C:\Program Files\NewdotNet

    C:\Program Files\WebRebates (Delete any folder with WebRebates in the name.)

    C:\Program Files\Web_Cpr (Or WebCpr)

    C:\Program Files\winupdates

    C:\WINDOWS\system32\Macromed


    Now, still in Safe Mode, do the following:

    Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe

    Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

    Press execute and let it do its job.

    Wait for the complete script execution box to pop up and press OK.
    Press exit to terminate the BFU program.

    Run CCleaner:
    Open the program, leave it on the default settings, click on the "Run Cleaner" button, then click "OK". Let it scan and clean until it's finished, and when it says, "Cleaning complete" in the status window, exit the program.

    Run ewido:
    Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    Now, open up HijackThis again and click on "Open the Misc Tools section". Next to the button that says "Generate StartupList log", place a check in each of the boxes before "List also minor sections (full)" and "List empty sections (complete)". Then hit the "Generate StartupList log" button.
    When it's done, the list will open up in Notepad. Please save that list and post it here in your next reply.
    Close Notepad.
    Hit the "Back" button in HijackThis.
    Hit "Scan" and save the logfile.

    Post the newest HijackThis log back here along with the HijackThis Startup list, and the report from ewido.

    Note: If you can't fit all of the logs into one post, split them up into sections and post them separately.
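When the requested HijackThis log comes back, the helper reads the O-entries by hand. The script below is an added example (it is not HijackThis code and not part of this thread's fixlists) of the same first-pass triage done programmatically: it parses the O-lines of a HijackThis-format log and flags autoruns loading from outside the Windows/Program Files directories, Winlogon Notify DLLs marked "(file missing)", services with "Unknown owner", O16 ActiveX downloads from hosts outside an allow-list, unnamed BHOs and hosts-file overrides. The sample log is constructed: its format and most lines mirror logs in this thread, while the Temp-directory Run value and the unnamed BHO with a made-up CLSID are invented to exercise the checks. The trusted-directory and trusted-domain lists are assumptions a reviewer would tune, not anything HijackThis provides.

```python
"""Triage a HijackThis-style log and flag the entries worth a second look."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Where startup programs and services normally live on an XP box (assumed
# allow-list). Anything loading from Temp, a user profile or the drive root
# is suspect until identified.
TRUSTED_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Domains allowed to serve ActiveX controls (O16 entries). Assumed list; a
# host passes when it equals one of these or is a subdomain of it.
TRUSTED_DPF_DOMAINS = {"microsoft.com", "sun.com", "macromedia.com",
                       "symantec.com", "trendmicro.com", "ewido.net", "apple.com"}

DEFAULT_HOSTS_PATH = "c:\\windows\\system32\\drivers\\etc\\hosts"

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")              # "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|ocx|scr|cpl)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why a reviewer should look at it
    line: str      # the log line itself


def host_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def _check(section: str, body: str) -> Optional[str]:
    """Return a reason if the entry deserves attention, else None."""
    if section == "O1":
        if body.startswith("Hosts file is located at:"):
            located = body.split(":", 1)[1].strip().lower()
            return None if located == DEFAULT_HOSTS_PATH else "hosts file moved from its default location"
        return "hosts file override: a name is forced to an address"
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed BHO, identify the CLSID before trusting it"
    if section == "O16":
        url = URL_RE.search(body)
        host = urlparse(url.group(0)).hostname if url else None
        return None if host and host_trusted(host) else f"ActiveX control fetched from unrecognised host {host}"
    if section == "O20" and "(file missing)" in body:
        return "Winlogon Notify points at a DLL that no longer exists"
    if section == "O23" and "Unknown owner" in body:
        return "service binary carries no vendor name"
    if section in ("O4", "O20", "O23"):
        path = PATH_RE.search(body)
        if path is None:
            # O20/O23 without a drive path resolve to system32; a bare O4
            # value is found through the search path at logon.
            return "bare filename, resolved through the search path at logon" if section == "O4" else None
        if not path.group(0).lower().startswith(TRUSTED_DIR_PREFIXES):
            return "loads from outside the Windows/Program Files directories"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse every O-entry in the log and return the ones that were flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            reason = _check(m.group(1), m.group(2))
            if reason:
                findings.append(Finding(m.group(1), reason, line))
    return findings


# Constructed sample: the format and most entries mirror logs in this thread;
# the Temp-directory Run value and the unnamed BHO (made-up CLSID) are
# invented to exercise the checks.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.example-av-vendor.test
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example_bho.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as a plain script and it prints the seven flagged sample entries. A flag is a prompt to identify the item (publisher, CLSID, download host), not a verdict: on the logs in this thread the same rules would pick out the "(file missing)" Winlogon Notify entries, the "(no name)" BHO whose path shows it is Spybot's SDHelper, the bare CTHELPER.EXE Run value and the "Unknown owner" Adobe LM service, and a person still has to decide which of those are damage, leftovers or benign.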
     
  6. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Hi, I just have a minor problem. You gave me these instructions near the beginning "RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).
    Do not run the Uninstaller and the Remover yet."
    yet right-clicking on the "RIGHT-CLICK HERE" shows the Save Target As but I cannot click on it for some reason because it's grey. I can "Open," "Open in New Window," "Copy Shortcut," "Add to Favorites" and look at its "Properties," yet I cannot Save Target As.
    What should I do?
     
  7. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Just right-click it and choose "Open" and when it opens hit Edit > Select All > Edit > Copy. Then open up Notepad and hit Edit > Paste. Then click File > Save As and save it as "alcanshorty.bfu.txt" (without the quotes). Save it to the same folder you made earlier (c:\BFU).
    Let me know if that doesn't work.
     
  8. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Hello, I followed your instructions carefully and here are my new HT logs and ewido log.

    HijackThis Log:

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AcctMgr] "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe




    And here is my Ewido Anti-Spyware Results:

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:00:13 AM 8/10/2006

    + Scan result:



    C:\RECYCLER\NPROTECT\00003923.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00003924.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00003925.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00003929.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00003930.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00003932.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004501.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004502.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004505.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004912.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004935.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00004949.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005535.TXT -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Charlie McLennon\Cookies\charlie [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\Documents and Settings\Charlie McLennon\Cookies\charlie [email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005469.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005485.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005489.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005491.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005493.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005510.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005530.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00005718.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
    C:\RECYCLER\NPROTECT\00006895.TXT -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).


    ::Report end


    Continued on next post
     
  9. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    StartupList report, 8/10/2006, 1:06:08 AM
    StartupList version: 1.52.2
    Started from : C:\Program Files\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Paul McLennon\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SBDrvDet = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    CTSysVol = "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
    CTHelper = CTHELPER.EXE
    AcctMgr = "C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
    NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    vptray = C:\PROGRA~1\SYMANT~1\VPTray.exe
    NvMediaCenter = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    SMSystemAnalyzer = "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    *No values found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\AutoCADLTScriptFile\shell\open\command

    (Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = NOTEPAD.EXE %1

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is NOT normal! (NOTEPAD.EXE %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check failed!

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    MP Scheduled Scan.job
    Norton SystemWorks One Button Checkup.job
    Symantec Drmc.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Windows Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

    [ewidoOnlineScan Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
    CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [Trend Micro ActiveX Scan Agent 6.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
    CODEBASE = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38023.7972800926

    [System Requirements Lab Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\sysreqlab.dll
    CODEBASE = http://www.systemrequirementslab.com/sysreqlab.cab
    OSD = C:\WINDOWS\Downloaded Program Files\sysreqlab.osd

    [Java Plug-in 1.4.0]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi140.dll
    CODEBASE = http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Java Plug-in 1.5.0_06]
    InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Flash\Flash8a.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Continued.. :)
     
  10. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Enumerating Windows NT/2000/XP services

    a347bus: system32\DRIVERS\a347bus.sys (system)
    a347scsi: System32\Drivers\a347scsi.sys (system)
    abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (system)
    Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
    AnyDVD: System32\Drivers\AnyDVD.sys (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
    ASF Agent: C:\Program Files\Intel\ASF Agent\ASFAgent.exe (autostart)
    AsfAlrt: \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys (autostart)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
    Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
    Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
    Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
    cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
    COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    CO_Mon: \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys (manual start)
    Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
    Creative Service for CDROM Access: C:\WINDOWS\System32\CTsvcCDA.exe (autostart)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)
    Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
    Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)
    Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)
    Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)
    dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
    DAHRVFZO: \??\C:\WINDOWS\system32\dahrvfzo.pop (autostart)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec AntiVirus\DefWatch.exe" (autostart)
    DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (system)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
    MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
    Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
    Scan Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Scan.sys (manual start)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    drvmcdb: system32\drivers\drvmcdb.sys (system)
    dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)
    Intel(R) PRO/1000 Adapter Driver: System32\DRIVERS\e1000325.sys (manual start)
    3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
    ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
    E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
    ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system)
    ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)
    Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)
    Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
    HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
    HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    Iap: C:\Program Files\Dell\OpenManage\Client\Iap.exe (autostart)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
    CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
    ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
    Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060803.048\naveng.sys (manual start)
    NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060803.048\navex15.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
    Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE (autostart)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: system32\DRIVERS\nv4_mini.sys (manual start)
    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
    Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
    Creative SB Live! Series (WDM): system32\drivers\P16X.sys (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    PCIIde: System32\DRIVERS\pciide.sys (system)
    Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
    perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
    PfModNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    PMEM: \??\C:\WINDOWS\system32\drivers\pmemnt.sys (autostart)
    IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    ProtoWall Network Service: system32\DRIVERS\ProtoWall.sys (manual start)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
    LiveShare P2P Server: "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe" (autostart)
    RoxMediaDB: "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe" (manual start)
    RoxUpnpRenderer: "C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe" (manual start)
    RoxUpnpServer: "C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe" (autostart)
    Roxio Hard Drive Watcher: "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe" (autostart)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
    RxFilter: system32\DRIVERS\RxFilter.sys (system)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    SAVRoam: "C:\Program Files\Symantec AntiVirus\SavRoam.exe" (manual start)
    SAVRT: \??\C:\Program Files\Symantec AntiVirus\savrt.sys (system)
    SAVRTPEL: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SDdriver: \??\C:\WINDOWS\System32\Drivers\sddriver.sys (manual start)
    Secdrv: System32\DRIVERS\secdrv.sys (autostart)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
    Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
    Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
    Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE (autostart)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    sptd: System32\Drivers\sptd.sys (system)
    System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
    System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Spy Sweeper File System Filer Driver: 0509: SYSTEM32\Drivers\SSFS0509.SYS (system)
    Spy Sweeper Hookrack MiniDriver: SYSTEM32\Drivers\SSHRMD.SYS (system)
    Spy Sweeper Interdiction Driver: SYSTEM32\Drivers\SSIDRV.SYS (system)
    Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32\Drivers\sskbfd.sys (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{261FF5D6-55B3-4D28-8348-7DBC93E219F0} (manual start)
    Symantec AntiVirus: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (autostart)
    Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
    SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
    SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
    SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
    TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
    Webroot Spy Sweeper Engine: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (autostart)
    winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
    Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 42,986 bytes
    Report generated in 0.234 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Thanks a bunch for all your great help so far, Kdd9,
    -Paul
     
  11. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    I need you to submit a file to Jotti.
    Please go here: http://virusscan.jotti.org/
    On top of the page there is a field to add the file path; copy and paste this file path:

    C:\WINDOWS\system32\dahrvfzo.pop

    Then hit Submit.
    The scan will take a while before the result comes up, so please be patient.
    Then copy the result and post it here in this thread.

    If Jotti's service load is too high, you can use the following scanner instead:
    http://www.virustotal.com/xhtml/index_en.html
     
  12. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Hi, it seems I have another problem. This file "dahrvfzo.pop" does not exist within system32. I have my computer set to show all files, yet still nothing. I guess this is what you have seen in the logs ("DAHRVFZO: \??\C:\WINDOWS\system32\dahrvfzo.pop (autostart)"), but it does not show up in system32. Maybe the double "??" has something to do with its nonappearance; is it somehow hidden elsewhere? I searched for the file in all locations, including hidden locations, to no avail. This file's a tricky one. Any suggestions?

    PS: Even with all we've done, "New.net Startup," "Webrebates," and "Winupdates" still keep adding themselves to SpySweeper's Startup Items. New.net Startup comes in as "rundll32 C:\PROGA~\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s". It's not located in C:\Program Files anywhere, as it suggests above. Webrebates says " javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\Webrebates" ". SpySweeper states that Winupdates is located in " "C:\Program Files\winupdates\winupdates.exe" -hide "; the word "hide" next to that one could be involved. Anyway, none of these are located in the directories in which SpySweeper states...
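    The missing-file puzzle above (a `\??\C:\WINDOWS\system32\dahrvfzo.pop` service set to autostart with no such file visible on disk) is what the following added example works through; it is not code from this thread or from StartupList's author. It parses the "Enumerating Windows NT/2000/XP services" section posted earlier, reduces every ImagePath form StartupList prints (`\??\`, `\SystemRoot\`, `%SystemRoot%`, bare `System32\...`, quoted paths with trailing switches) to a plain Win32 path, and reports the services whose binary cannot be found. The sample lines and the `KNOWN_FILES` set are constructed from the posted log, and `SYSTEM_ROOT` is assumed to be C:\WINDOWS because the log says so.

```python
import re
from dataclasses import dataclass
from typing import Callable, List

# Windows directory on this machine; the StartupList log above reports
# "Regedit.exe found in C:\WINDOWS", so that is the assumed SystemRoot.
SYSTEM_ROOT = r"C:\WINDOWS"

# Constructed sample: lines copied from the "Enumerating Windows NT/2000/XP
# services" section of the posted log, one for each path form StartupList emits.
SAMPLE_SERVICES = r"""
a347bus: system32\DRIVERS\a347bus.sys (system)
abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
AsfAlrt: \??\C:\WINDOWS\System32\drivers\AsfAlrt.sys (autostart)
DAHRVFZO: \??\C:\WINDOWS\system32\dahrvfzo.pop (autostart)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
"""

# "<service display name>: <ImagePath> (<start type>)"
LINE_RE = re.compile(
    r"^(?P<name>.+?): (?P<image>.+?) \((?P<start>system|autostart|manual start|disabled)\)$"
)


@dataclass
class ServiceEntry:
    name: str    # service display name as printed
    image: str   # ImagePath exactly as StartupList printed it
    path: str    # normalised Win32 path of the binary
    start: str   # system / autostart / manual start / disabled


def image_to_path(image: str, system_root: str = SYSTEM_ROOT) -> str:
    """Reduce a raw ImagePath to the plain Win32 path of the binary it names."""
    image = image.strip()
    if image.startswith('"'):
        # Quoted form: the path is everything up to the closing quote.
        path = image[1:image.index('"', 1)]
    else:
        # Unquoted form: arguments begin at the first " -x" or " /x" switch
        # (a lone " - " inside a folder name such as "Spybot - Search" is kept).
        path = re.split(r"\s+(?=[-/]\S)", image, maxsplit=1)[0]
    # "\??\" is the NT object manager's DOS-devices prefix, not a hiding trick;
    # legitimate drivers in the same log (AsfAlrt, SAVRT, SymEvent) use it too.
    if path.startswith("\\??\\"):
        path = path[4:]
    lowered = path.lower()
    if lowered.startswith("\\systemroot\\"):
        path = system_root + path[len("\\SystemRoot"):]
    elif lowered.startswith("%systemroot%"):
        path = system_root + path[len("%SystemRoot%"):]
    elif not re.match(r"^[A-Za-z]:\\", path):
        # Bare "System32\..." is relative to the Windows directory.
        path = system_root + "\\" + path.lstrip("\\")
    return path


def parse_services(text: str, system_root: str = SYSTEM_ROOT) -> List[ServiceEntry]:
    """Parse the services section of a StartupList report."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line, heading or separator
        entries.append(
            ServiceEntry(m["name"], m["image"], image_to_path(m["image"], system_root), m["start"])
        )
    return entries


def find_missing_images(text: str, exists: Callable[[str], bool]) -> List[ServiceEntry]:
    """Services whose registered binary `exists` cannot find on disk.

    A service left registered (worse, set to autostart) with no file behind it
    is either a leftover malware registration or a file hidden from the file
    system API; either way it is the entry to investigate first.
    """
    return [e for e in parse_services(text) if not exists(e.path)]


# Constructed stand-in for os.path.exists so the example runs on any machine:
# every binary from SAMPLE_SERVICES except dahrvfzo.pop, which the thread
# starter could not find. On the real machine pass os.path.exists instead.
KNOWN_FILES = {p.lower() for p in [
    r"C:\WINDOWS\system32\DRIVERS\a347bus.sys",
    r"C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS",
    r"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\System32\drivers\AsfAlrt.sys",
    r"C:\WINDOWS\System32\dllhost.exe",
    r"C:\WINDOWS\system32\msiexec.exe",
]}


def offline_exists(path: str) -> bool:
    return path.lower() in KNOWN_FILES  # Windows paths are case-insensitive


if __name__ == "__main__":
    for e in find_missing_images(SAMPLE_SERVICES, offline_exists):
        print(f"{e.name}: {e.path} ({e.start}) -> file not found")
```

Run against the full services section with `os.path.exists` on the affected machine, the same report lists every registered service whose binary is absent, which is the short list worth submitting to a scanner or removing.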
     
  13. kdd9

    kdd9

    Joined:
    Mar 24, 2005
    Messages:
    516
    Please download WinPFind2.
    • Extract the files to a folder (e.g. C:\WinPFind2).
    • Double click WinPFind2.exe to start the program.
    • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
    • Click the Run all Scans button.
    • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
    • Click the Export to Text button.
    • Notepad will open with the results of the scan, and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
    • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.
     
  14. Mcwipenshiner

    Mcwipenshiner Thread Starter

    Joined:
    Aug 6, 2006
    Messages:
    21
    Logfile created on: 08/11/2006 13:17
    WinPFind2 by OldTimer - Version 1.0.2 Folder = C:\WinPFind2\WinPFind2\
    Microsoft Windows XP (Version = Service Pack 2)
    Internet Explorer (Version - 6.0.2900.2180)


    [Start Post #1]

    Processes
    Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
    #Full Path
    ##(Version Info)

    acctmgr.exe--------------003564-----0012----------003012-----Normal---------
    #c:\program files\norton systemworks\password manager\acctmgr.exe
    ##(Symantec Corporation [Ver = 2004.1.406 | Size = 586896 bytes | Date = 08/18/2004 13:41 | Attr = ])

    acrotray.exe-------------000580-----0001----------003012-----Normal---------
    #c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe
    ##(Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 82026 bytes | Date = 10/11/2001 18:35 | Attr = ])

    alg.exe------------------002700-----0006----------000876-----Normal---------
    #c:\windows\system32\alg.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 02:56 | Attr = ])

    asfagent.exe-------------000668-----0007----------000876-----Normal---------
    #c:\program files\intel\asf agent\asfagent.exe
    ##(Intel Corporation [Ver = 4.0.7.0 | Size = 114688 bytes | Date = 02/10/2003 05:52 | Attr = ])

    ccapp.exe----------------003624-----0010----------003012-----Normal---------
    #c:\program files\common files\symantec shared\ccapp.exe
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Date = 02/29/2004 16:44 | Attr = ])

    ccevtmgr.exe-------------001684-----0016----------000876-----Normal---------
    #c:\program files\common files\symantec shared\ccevtmgr.exe
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Date = 02/29/2004 16:44 | Attr = ])

    ccsetmgr.exe-------------001576-----0008----------000876-----Normal---------
    #c:\program files\common files\symantec shared\ccsetmgr.exe
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Date = 02/29/2004 16:44 | Attr = ])

    csrss.exe----------------000788-----0013----------000536-----Normal---------
    #\??\c:\windows\system32\csrss.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Date = 08/04/2004 02:56 | Attr = ])

    ctfmon.exe---------------004004-----0001----------003012-----Normal---------
    #c:\windows\system32\ctfmon.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/04/2004 02:56 | Attr = ])

    cthelper.exe-------------003556-----0005----------003012-----Normal---------
    #c:\windows\system32\cthelper.exe
    ##(Creative Technology Ltd [Ver = 1, 2, 0, 2 | Size = 24576 bytes | Date = 03/19/2004 03:33 | Attr = ])

    ctsvccda.exe-------------000696-----0002----------000876-----Normal---------
    #c:\windows\system32\ctsvccda.exe
    ##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 02:01 | Attr = ])

    ctsysvol.exe-------------003540-----0002----------003012-----Normal---------
    #c:\program files\creative\sbaudigy2\surround mixer\ctsysvol.exe
    ##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 09/17/2003 10:43 | Attr = ])

    defwatch.exe-------------000712-----0003----------000876-----Normal---------
    #c:\program files\symantec antivirus\defwatch.exe
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Date = 03/12/2004 15:17 | Attr = ])

    explorer.exe-------------003012-----0016----------002868-----Normal---------
    #c:\windows\explorer.exe
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 02:56 | Attr = ])

    guard.exe----------------000744-----0008----------000876-----Normal---------
    #c:\program files\ewido anti-spyware 4.0\guard.exe
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 09:38 | Attr = ])

    iap.exe------------------000776-----0006----------000876-----Normal---------
    #c:\program files\dell\openmanage\client\iap.exe
    ##(Dell Computer Corporation [Ver = 7, 0, 316, 0 | Size = 163840 bytes | Date = 04/04/2002 13:56 | Attr = ])

    iexplore.exe-------------002292-----0015----------003012-----Normal---------
    #c:\program files\internet explorer\iexplore.exe
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Date = 08/04/2004 02:56 | Attr = ])

    iexplore.exe-------------001268-----0015----------003012-----Normal---------
    #c:\program files\internet explorer\iexplore.exe
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Date = 08/04/2004 02:56 | Attr = ])

    lsass.exe----------------000888-----0020----------000828-----Normal---------
    #c:\windows\system32\lsass.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 02:56 | Attr = ])

    msascui.exe--------------003596-----0018----------003012-----Normal---------
    #c:\program files\windows defender\msascui.exe
    ##(Microsoft Corporation [Ver = 1.1.1347.0 | Size = 777424 bytes | Date = 04/03/2006 18:12 | Attr = ])

    msmpeng.exe--------------001220-----0016----------000876-----Normal---------
    #c:\program files\windows defender\msmpeng.exe
    ##(Microsoft Corporation [Ver = 1.1.1347.0 | Size = 14032 bytes | Date = 04/03/2006 18:12 | Attr = ])

    mspmspsv.exe-------------001472-----0002----------000876-----Normal---------
    #c:\windows\system32\mspmspsv.exe
    ##(Microsoft Corporation [Ver = 7.00.00.1954 | Size = 53520 bytes | Date = 06/26/2000 08:44 | Attr = ])

    nopdb.exe----------------000272-----0004----------000876-----Normal---------
    #c:\progra~1\norton~1\norton~1\speedd~1\nopdb.exe
    ##(Symantec Corporation [Ver = 7.00.0.24 | Size = 176193 bytes | Date = 09/10/2003 05:59 | Attr = ])

    nprotect.exe-------------000192-----0011----------000876-----Normal---------
    #c:\progra~1\norton~1\norton~1\nprotect.exe
    ##(Symantec Corporation [Ver = 17.0.0.82 | Size = 81920 bytes | Date = 09/10/2003 06:26 | Attr = ])

    nvsvc32.exe--------------001056-----0003----------000876-----Normal---------
    #c:\windows\system32\nvsvc32.exe
    ##(NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Date = 06/01/2006 17:22 | Attr = ])

    roxmediadb.exe-----------001504-----0012----------000876-----Normal---------
    #c:\program files\common files\roxio shared\sharedcom8\roxmediadb.exe
    ##(Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Date = 09/19/2005 17:24 | Attr = ])

    roxwatch.exe-------------001604-----0013----------000876-----Normal---------
    #c:\program files\common files\roxio shared\sharedcom8\roxwatch.exe
    ##(Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Date = 09/19/2005 17:20 | Attr = ])

    rtvscan.exe--------------000312-----0041----------000876-----Normal---------
    #c:\program files\symantec antivirus\rtvscan.exe
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Date = 03/12/2004 15:17 | Attr = ])

    rundll32.exe-------------003648-----0001----------003012-----Normal---------
    #c:\windows\system32\rundll32.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Date = 08/04/2004 02:56 | Attr = ])

    services.exe-------------000876-----0015----------000828-----Normal---------
    #c:\windows\system32\services.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 02:56 | Attr = ])

    smss.exe-----------------000536-----0003----------000004-----Normal---------
    #\systemroot\system32\smss.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Date = 08/04/2004 02:56 | Attr = ])

    spoolsv.exe--------------001804-----0014----------000876-----Normal---------
    #c:\windows\system32\spoolsv.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) | Size = 57856 bytes | Date = 06/10/2005 18:53 | Attr = ])

    spysweeper.exe-----------000456-----0034----------000876-----Normal---------
    #c:\program files\webroot\spy sweeper\spysweeper.exe
    ##(Webroot Software, Inc. [Ver = 3,0,7,1608 | Size = 3068928 bytes | Date = 08/03/2006 20:01 | Attr = ])

    spysweeperui.exe---------003656-----0007----------003012-----Normal---------
    #c:\program files\webroot\spy sweeper\spysweeperui.exe
    ##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 3871744 bytes | Date = 08/03/2006 20:02 | Attr = ])

    ssu.exe------------------002220-----0001----------000456-----Normal---------
    #c:\program files\webroot\spy sweeper\ssu.exe
    ##( [Ver = | Size = 164864 bytes | Date = 08/03/2006 20:02 | Attr = ])

    svchost.exe--------------001048-----0018----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    svchost.exe--------------001260-----0083----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    svchost.exe--------------001124-----0011----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    svchost.exe--------------001340-----0014----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    svchost.exe--------------001308-----0006----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    svchost.exe--------------000248-----0007----------000876-----Normal---------
    #c:\windows\system32\svchost.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    symlcsvc.exe-------------000332-----0005----------000876-----Normal---------
    #c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe
    ##(Symantec Corporation [Ver = 1, 8, 48, 79 | Size = 585728 bytes | Date = 02/01/2004 10:53 | Attr = ])

    vptray.exe---------------003640-----0005----------003012-----Normal---------
    #c:\progra~1\symant~1\vptray.exe
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Date = 03/12/2004 15:18 | Attr = ])

    wdfmgr.exe---------------000368-----0004----------000876-----Normal---------
    #c:\windows\system32\wdfmgr.exe
    ##(Microsoft Corporation [Ver = 5.2.3790.1230 built by: dnsrv(bld4act) | Size = 38912 bytes | Date = 01/28/2005 13:44 | Attr = ])

    winlogon.exe-------------000828-----0019----------000536-----High-----------
    #\??\c:\windows\system32\winlogon.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Date = 08/04/2004 02:56 | Attr = ])

    winpfind2.exe------------003524-----0001----------003012-----Normal---------
    #c:\winpfind2\winpfind2\winpfind2.exe
    ##(OldTimer Tools [Ver = 1.0.2.0 | Size = 382464 bytes | Date = 08/06/2006 14:59 | Attr = ])

    wmiprvse.exe-------------002308-----0017----------001048-----Normal---------
    #c:\windows\system32\wbem\wmiprvse.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 218112 bytes | Date = 08/04/2004 02:56 | Attr = ])


    Registry Entries
    Key
    #Value
    ##(Version Info)

    Version Info
    #
    ##

    WinPFind2 by OldTimer - Version 1.0.2
    #
    ##

    Microsoft Windows XP Version = Service Pack 2
    #
    ##

    Internet Explorer Version = 6.0.2900.2180
    #
    ##

    Internet Explorer Settings
    #
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.google.com
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Page
    #
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Search
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #C:\WINDOWS\SYSTEM32\blank.htm
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.google.com
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #C:\WINDOWS\system32\blank.htm
    ##

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
    #0
    ##

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride
    #
    ##

    BHO's
    #
    ##

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    #AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    ##(Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Date = 11/03/2003 14:17 | Attr = ])

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    # = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    ##(Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Date = 05/31/2005 01:04 | Attr = ])

    Internet Explorer Bars, Toolbars and Extensions
    #
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    #Shell Search Band = %SystemRoot%\system32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    #Search Band = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    #Reg Data missing or invalid = Reg Data missing or invalid
    ##(File not found)

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    #File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    #Favorites Band = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) | Size = 1494016 bytes | Date = 05/29/2006 10:30 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
    #History Band = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) | Size = 1494016 bytes | Date = 05/29/2006 10:30 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    #&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2919 (xpsp_sp2_gdr.060529-0150) | Size = 1494016 bytes | Date = 05/29/2006 10:30 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
    #Reg Data missing or invalid = Reg Data missing or invalid
    ##(File not found)

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    #&Links = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922}
    #Reg Data missing or invalid = Reg Data missing or invalid
    ##(File not found)

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    #&Yahoo! Toolbar = Reg Data missing or invalid
    ##(File not found)

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    #8192 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578}
    #8201 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{A75C6120-9B36-11d4-A3F0-009027427750}
    #8198 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
    #8193 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}
    #8197 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
    #8199 - Reg Data missing or invalid
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    #8200 - Windows Messenger
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
    #8202
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    #ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe
    ##(Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Date = 10/13/2004 11:24 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
    #res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    ##(Microsoft Corporation [Ver = 10.0.2614 | Size = 9164192 bytes | Date = 02/16/2001 02:05 | Attr = R ])

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop
    # = C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    ##(Intertrust Technologies, Inc. [Ver = 1.0.0.32 | Size = 270336 bytes | Date = 08/01/2001 18:05 | Attr = ])

    Approved Shell Extensions (Non-Microsoft only)
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
    #Taskbar and Start Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
    #RXDCExtShlExt extension = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll
    ##( [Ver = | Size = 110592 bytes | Date = 09/19/2005 18:57 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1CDB2949-8F65-4355-8456-263E7C208A5D}
    #Desktop Explorer = C:\WINDOWS\system32\nvshell.dll
    ##( [Ver = | Size = 466944 bytes | Date = 06/01/2006 17:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A47}
    #Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll
    ##( [Ver = | Size = 466944 bytes | Date = 06/01/2006 17:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1E9B04FB-F9E5-4718-997B-B8DA88302A48}
    #nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll
    ##( [Ver = | Size = 466944 bytes | Date = 06/01/2006 17:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}
    #dBpowerAMP Music Converter = D:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll
    ##( [Ver = 6, 0, 0, 1 | Size = 118784 bytes | Date = 06/26/2005 12:25 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32020A01-506E-484D-A2A8-BE3CF17601C3}
    #AlcoholShellEx = C:\ALCOHO~1\alcohol\ALCOHO~1\AXShlEx.dll
    ##(Alcohol Soft Development Team [Ver = 1.4.7.1024 | Size = 387584 bytes | Date = 05/06/2004 13:13 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478}
    #Media Band = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
    #Display Panning CPL Extension = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5E44E225-A408-11CF-B581-008029601108}
    #Roxio DragToDisc Shell Extension = C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
    ##(Sonic Solutions [Ver = 8.0.1.60 | Size = 319488 bytes | Date = 09/19/2005 17:54 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
    #Shell extensions for file compression = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
    #User Accounts = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7C9D5882-CB4A-4090-96C8-430BFE8B795B}
    #Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
    ##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 218112 bytes | Date = 08/03/2006 20:02 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
    #Encryption Context Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
    #HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll
    ##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08/29/2002 06:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A70C977A-BF00-412C-90B7-034C51DA2439}
    #NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll
    ##(NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Date = 06/01/2006 17:22 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    #WinRAR shell extension = D:\WinRAR\rarext.dll
    ##( [Ver = | Size = 120832 bytes | Date = 01/22/2004 19:36 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
    #iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll
    ##(Apple Computer, Inc. [Ver = 6.0.3.5 | Size = 102400 bytes | Date = 02/08/2006 15:15 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDA77241-42F6-11d0-85E2-00AA001FE28C}
    #LDVP Shell Extensions = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 46192 bytes | Date = 03/12/2004 15:18 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79304-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79305-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79306-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0D79307-84BE-11CE-9641-444553540000}
    #WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
    #Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll
    ##(RealNetworks, Inc. [Ver = 1.0.1.2219 | Size = 49198 bytes | Date = 12/04/2005 19:45 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FED7043D-346A-414D-ACD7-550D052499A7}
    #dBpowerAMP Music Converter 1 = D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
    ##( [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Date = 06/26/2005 12:25 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FFB699E0-306A-11d3-8BD1-00104B6F7516}
    #Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll
    ##(NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 7618560 bytes | Date = 06/01/2006 17:22 | Attr = ])
     
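The WinPFind2 layout above (one key line, a "#" value line and a "##(...)" version-info line per record, with "##(File not found)" when the target is absent) lends itself to scripted triage rather than reading hundreds of records by eye. The Python below is an added example, not part of this thread and not WinPFind2's own code: it parses records in that layout and flags the ones a responder would check first, namely autoruns whose target no longer exists, launcher indirection through rundll32/javaw/cmd (where the version info describes the host binary, not the payload), targets with no publisher or version resource, and targets under user-writable profile paths. The SAMPLE text is constructed in the log's format; four of its records mirror Run keys posted in this thread and the HKCU "updater" record is hypothetical. The launcher list, the user-writable path list and the flag wording are assumptions of this example.

```python
"""Triage a WinPFind2-style dump (added example; not WinPFind2's own code).

WinPFind2 prints one record as three lines:
    <registry key or image name>
    #<value: command line or target path>
    ##(<publisher> [Ver = ... | Size = ... | Date = ... | Attr = ...])
and "##(File not found)" when the target is absent. Section headers use the
same shape with an empty "#" line, which the parser skips.
"""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    key: str    # registry path (or image name in the Processes section)
    value: str  # command line / target path
    info: str   # publisher + version block, or "File not found"


# Host binaries that run a payload named in their arguments. WinPFind2's
# version info for such an entry describes the host, not the payload.
# (Assumed list for this example.)
LAUNCHERS = re.compile(
    r'^"?(rundll32|javaw?|cmd|wscript|cscript|regsvr32|mshta)(\.exe)?\b', re.I)

# Locations an unprivileged user can write to (assumed list for this example).
USER_WRITABLE = re.compile(
    r"\\(?:documents and settings|users|temp|tmp|appdata)\\", re.I)


def parse_records(text: str) -> list[Entry]:
    """Walk the text three lines at a time and collect well-formed records."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    i = 0
    while i + 2 < len(lines):
        key, val, info = lines[i], lines[i + 1], lines[i + 2]
        if (key and not key.startswith("#")
                and val.startswith("#") and not val.startswith("##")
                and info.startswith("##")):
            value = val[1:].strip()
            if value:  # an empty "#" line marks a section header, not an entry
                entries.append(Entry(key, value, info[2:].strip().strip("()")))
            i += 3
        else:
            i += 1
    return entries


def triage(entry: Entry) -> list[str]:
    """Return the reasons (possibly none) an analyst should look at this entry."""
    flags = []
    if "File not found" in entry.info:
        flags.append("target missing: dead autorun, or something re-creates the key")
    if LAUNCHERS.match(entry.value):
        flags.append("launcher indirection: inspect the argument, not the host binary")
    m = re.match(r"^(.*?)\s*\[Ver = ", entry.info)
    if m is not None and not m.group(1).strip():
        flags.append("no publisher or version resource on the target file")
    if USER_WRITABLE.search(entry.value):
        flags.append("target lives in a user-writable profile directory")
    return flags


def report(text: str) -> dict[str, list[str]]:
    """Map each flagged key to its list of flags; clean entries are omitted."""
    return {e.key: f for e in parse_records(text) if (f := triage(e))}


# Constructed sample in the log's format: the first four records mirror Run
# keys posted in this thread; the HKCU "updater" record is hypothetical.
SAMPLE = r"""
Registry Run Keys
#
##

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ccApp
#"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
##(Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Date = 02/29/2004 16:44 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon
#"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Date = 08/04/2004 02:56 | Attr = ])

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winupdates
#C:\Program Files\winupdates\winupdates.exe /auto
##(File not found)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup
#rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
##(File not found)

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\updater
#C:\Documents and Settings\user\Local Settings\Temp\updater.exe
##( [Ver = | Size = 40960 bytes | Date = 08/01/2006 09:12 | Attr = H ])
"""

if __name__ == "__main__":
    for key, flags in report(SAMPLE).items():
        print(key.rsplit("\\", 1)[-1])
        for f in flags:
            print("   -", f)
```

On the sample, ccApp raises no flag, NvCplDaemon is flagged only for launcher indirection (the Microsoft version info belongs to RUNDLL32.EXE, not to NvCpl.dll), the two "File not found" Run keys are flagged as orphaned persistence, and the hypothetical updater entry is flagged twice. A "File not found" Run key that returns after deletion is the pattern to watch: the entry itself is dead, so whatever re-creates it is the thing still running.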
  15. Mcwipenshiner (Thread Starter)
    ContextMenuHandlers (Non-Microsoft only)
    #
    ##

    HKCR\*\shellex\ContextMenuHandlers\ewido anti-spyware
    #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 09:38 | Attr = ])

    HKCR\*\shellex\ContextMenuHandlers\LDVPMenu
    #{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 46192 bytes | Date = 03/12/2004 15:18 | Attr = ])

    HKCR\*\shellex\ContextMenuHandlers\RXDCExtSvr
    #{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll
    ##( [Ver = | Size = 110592 bytes | Date = 09/19/2005 18:57 | Attr = ])

    HKCR\*\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\WinRAR\rarext.dll
    ##( [Ver = | Size = 120832 bytes | Date = 01/22/2004 19:36 | Attr = ])

    HKCR\*\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
    #{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 46192 bytes | Date = 03/12/2004 15:18 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Library
    #{54F51408-DD44-4a12-82EF-519AD2A80DE9} = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\RXDCExtSvr
    #{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} = C:\Program Files\Roxio\Easy Media Creator 8\Virtual Drive\DC_ShellExt.dll
    ##( [Ver = | Size = 110592 bytes | Date = 09/19/2005 18:57 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
    #{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
    ##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 218112 bytes | Date = 08/03/2006 20:02 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\WinRAR\rarext.dll
    ##( [Ver = | Size = 120832 bytes | Date = 01/22/2004 19:36 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
    #{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 94208 bytes | Date = 06/16/2006 09:38 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\WinRAR\rarext.dll
    ##( [Ver = | Size = 120832 bytes | Date = 01/22/2004 19:36 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
    #{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
    ##(WinZip Computing, Inc. [Ver = 4.1 (32-bit) | Size = 20552 bytes | Date = 11/27/2001 08:10 | Attr = ])

    ColumnHandlers (Non-Microsoft only)
    #
    ##

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{FED7043D-346A-414D-ACD7-550D052499A7}
    #dBpShell Class = D:\Program Files\Illustrate\dBpowerAMP\dBShell.dll
    ##( [Ver = 6, 0, 0, 1 | Size = 110592 bytes | Date = 06/26/2005 12:25 | Attr = ])

    Registry Run Keys
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AcctMgr
    #"C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" /startup
    ##(Symantec Corporation [Ver = 2004.1.406 | Size = 586896 bytes | Date = 08/18/2004 13:41 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ccApp
    #"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Date = 02/29/2004 16:44 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTHelper
    #CTHELPER.EXE
    ##(Creative Technology Ltd [Ver = 1, 2, 0, 2 | Size = 24576 bytes | Date = 03/19/2004 03:33 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CTSysVol
    #"C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" /r
    ##(Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Date = 09/17/2003 10:43 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\New.net Startup
    #rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon
    #"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter
    #"RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SBDrvDet
    #"C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
    ##(Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Date = 12/03/2002 18:06 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SpySweeper
    #"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    ##(Webroot Software, Inc. [Ver = 5,0,7,1608 | Size = 3871744 bytes | Date = 08/03/2006 20:02 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck
    #%systemroot%\system32\dumprep 0 -u
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vptray
    #C:\PROGRA~1\SYMANT~1\VPTray.exe
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Date = 03/12/2004 15:18 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WebRebates
    #javaw -cp "C:\Program Files\WebRebates\System\Code" Main lp: "C:\Program Files\WebRebates"
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Defender
    #"C:\Program Files\Windows Defender\MSASCui.exe" -hide
    ##(Microsoft Corporation [Ver = 1.1.1347.0 | Size = 777424 bytes | Date = 04/03/2006 18:12 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winupdates
    #C:\Program Files\winupdates\winupdates.exe /auto
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\a_usdll
    #cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.dll"
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\b_usexe
    #cmd /C "del C:\WINDOWS\system32\Macromed\Download\Download.exe"
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\c_usdir
    #cmd /C "rmdir /Q C:\WINDOWS\system32\Macromed\Download"
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
    #Installed = 1
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
    #Installed = 1
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
    #Installed = 1
    ##

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
    #C:\WINDOWS\system32\ctfmon.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Startup Lnks
    #
    ##

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    #C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    ##(Adobe Systems Inc. [Ver = 5, 0, 0, 0 | Size = 82026 bytes | Date = 10/11/2001 18:35 | Attr = ])

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    #C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
    ##( [Ver = | Size = 84 bytes | Date = 09/03/2002 14:36 | Attr = HS])

    C:\Documents and Settings\Paul McLennon\Start Menu\Programs\Startup\DESKTOP.INI
    #C:\Documents and Settings\Paul McLennon\Start Menu\Programs\Startup\DESKTOP.INI
    ##( [Ver = | Size = 84 bytes | Date = 09/03/2002 14:36 | Attr = HS])

    Disabled MSConfig Items
    #
    ##

    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Weather
    #Weather =
    ##(File not found)

    User Agent Post Platform
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\\SV1
    #
    ##

    AppInit DLLs
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    #
    ##(File not found)

    Image File Execution Options
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    #Debugger = ntsd -d
    ##

    Shell Service Object Delay Load
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
    #{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
    #{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
    #{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
    #{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276480 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Shell Execute Hooks
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
    #Microsoft AntiMalware ShellExecuteHook = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
    ##(Microsoft Corporation [Ver = 1.1.1347.0 | Size = 81616 bytes | Date = 04/03/2006 18:12 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}
    #CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 73728 bytes | Date = 06/16/2006 09:38 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
    #URL Exec Hook = shell32.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Date = 03/16/2006 23:03 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E8DEC8EA-8D80-4ec6-AF6B-190A765F1D2F}
    #Reg Data missing or invalid = Reg Data missing or invalid
    ##(File not found)

    Shared Task Scheduler
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
    #Browseui preloader = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
    #Component Categories cache daemon = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2900.2904 (xpsp_sp2_gdr.060509-0218) | Size = 1022976 bytes | Date = 05/10/2006 00:23 | Attr = ])

    Winlogon
    #
    ##

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    #C:\WINDOWS\system32\userinit.exe,
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    #Explorer.exe
    ##(Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
    #
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    #
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    #crypt32.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    #cryptnet.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    #cscdll.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
    #C:\WINDOWS\system32\NavLogon.dll
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Date = 03/12/2004 15:17 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    #sclgntfy.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    #WlNotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    #WgaLogon.dll
    ##(Microsoft Corporation [Ver = 1.5.0540.0 | Size = 702768 bytes | Date = 06/19/2006 16:20 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Date = 08/04/2004 02:56 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
    #WRLogonNTF.dll
    ##(Webroot Software, Inc. [Ver = 3,0,7,1608 | Size = 208896 bytes | Date = 08/03/2006 20:01 | Attr = ])

    DNS Name Servers
    #
    ##

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F8CA1E4A-ACA9-44B6-8C83-2B988F68598A}
    # ()
    ##

    Winsock2 Catalogs (Non-Microsoft only)
    #
    ##

    Protocol Handlers (Non-Microsoft only)
    #
    ##

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
    #
    ##(File not found)

    Protocol Filters (Non-Microsoft only)
    #
    ##

    [Start Post #2]

    Services
    Name--Internal Name--Startup Type--State--Service Type--
    #Path
    ##(Version Info)

    Application Layer Gateway Service--ALG--On Demand--Running--Win32, running in it's own process--
    #C:\WINDOWS\System32\alg.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Date = 08/04/2004 02:56 | Attr = ])

    ASF Agent--ASFAgent--Automatic--Running--Win32, running in it's own process--
    #C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    ##(Intel Corporation [Ver = 4.0.7.0 | Size = 114688 bytes | Date = 02/10/2003 05:52 | Attr = ])

    Windows Audio--AudioSrv--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Computer Browser--Browser--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Symantec Event Manager--ccEvtMgr--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Date = 02/29/2004 16:44 | Attr = ])

    Symantec Settings Manager--ccSetMgr--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
    ##(Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Date = 02/29/2004 16:44 | Attr = ])

    Creative Service for CDROM Access--Creative Service for CDROM Access--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\System32\CTsvcCDA.exe
    ##(Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Date = 12/13/1999 02:01 | Attr = ])

    Cryptographic Services--CryptSvc--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    DCOM Server Process Launcher--DcomLaunch--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\svchost -k DcomLaunch
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Symantec AntiVirus Definition Watcher--DefWatch--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Symantec AntiVirus\DefWatch.exe"
    ##(Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Date = 03/12/2004 15:17 | Attr = ])

    DHCP Client--Dhcp--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Logical Disk Manager--dmserver--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    DNS Client--Dnscache--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k NetworkService
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Error Reporting Service--ERSvc--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Event Log--Eventlog--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\services.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 02:56 | Attr = ])

    COM+ Event System--EventSystem--On Demand--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    ewido anti-spyware 4.0 guard--ewido anti-spyware 4.0 guard--Automatic--Running--Win32, running in it's own process--
    #C:\Program Files\ewido anti-spyware 4.0\guard.exe
    ##(Anti-Malware Development a.s. [Ver = 4, 0, 0, 172 | Size = 172032 bytes | Date = 06/16/2006 09:38 | Attr = ])

    Fast User Switching Compatibility--FastUserSwitchingCompatibility--On Demand--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Help and Support--helpsvc--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Iap--Iap--Automatic--Running--Win32, running in it's own process--
    #C:\Program Files\Dell\OpenManage\Client\Iap.exe
    ##(Dell Computer Corporation [Ver = 7, 0, 316, 0 | Size = 163840 bytes | Date = 04/04/2002 13:56 | Attr = ])

    Server--lanmanserver--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Workstation--lanmanworkstation--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    TCP/IP NetBIOS Helper--LmHosts--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k LocalService
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Network Connections--Netman--On Demand--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Network Location Awareness (NLA)--Nla--On Demand--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Norton Unerase Protection--NProtectService--Automatic--Running--Win32, running in it's own process--
    #C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    ##(Symantec Corporation [Ver = 17.0.0.82 | Size = 81920 bytes | Date = 09/10/2003 06:26 | Attr = ])

    NVIDIA Display Driver Service--NVSvc--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\system32\nvsvc32.exe
    ##(NVIDIA Corporation [Ver = 6.14.10.9131 | Size = 155715 bytes | Date = 06/01/2006 17:22 | Attr = ])

    Plug and Play--PlugPlay--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\services.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Date = 08/04/2004 02:56 | Attr = ])

    IPSEC Services--PolicyAgent--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\lsass.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Protected Storage--ProtectedStorage--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\lsass.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Remote Access Connection Manager--RasMan--On Demand--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Remote Registry--RemoteRegistry--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\svchost.exe -k LocalService
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    RoxMediaDB--RoxMediaDB--On Demand--Running--Win32, running in it's own process--
    #"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"
    ##(Sonic Solutions [Ver = 8.0.1.93 | Size = 856064 bytes | Date = 09/19/2005 17:24 | Attr = ])

    Roxio Hard Drive Watcher--RoxWatch--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe"
    ##(Sonic Solutions [Ver = 8.0.1.93 | Size = 155648 bytes | Date = 09/19/2005 17:20 | Attr = ])

    Remote Procedure Call (RPC)--RpcSs--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\svchost -k rpcss
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Security Accounts Manager--SamSs--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\lsass.exe
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Task Scheduler--Schedule--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Secondary Logon--seclogon--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    System Event Notification--SENS--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\system32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Windows Firewall/Internet Connection Sharing (ICS)--SharedAccess--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])

    Shell Hardware Detection--ShellHWDetection--Automatic--Running--Win32, running in a shared process--
    #C:\WINDOWS\System32\svchost.exe -k netsvcs
    ##(Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Date = 08/04/2004 02:56 | Attr = ])
Short URL to this thread: https://techguy.org/489973